Vulnhub - Basic Pentesting 1
Today we are going to pwn Basic Pentesting 1 from Vulnhub.
Description
This is a small boot2root VM I created for my university’s cyber security group. It contains multiple remote vulnerabilities and multiple privilege escalation vectors. I did all of my testing for this VM on VirtualBox, so that’s the recommended platform. I have been informed that it also works with VMware, but I haven’t tested this personally. This VM is specifically intended for newcomers to penetration testing. If you’re a beginner, you should hopefully find the difficulty of the VM to be just right. Your goal is to remotely attack the VM and gain root privileges. Once you’ve finished, try to find other vectors you might have missed! If you enjoyed the VM or have questions, feel free to contact me at: josiah@vt.edu If you finished the VM, please also consider posting a writeup! Writeups help you internalize what you worked on and help anyone else who might be struggling or wants to see someone else’s process. I look forward to reading them!
Download Link : https://www.vulnhub.com/entry/basic-pentesting-1,216/#download
Let's start with an initial scan.
Nmap Scan Results
Since there is an HTTP port open, let's start our Gobuster.
Let's check the webpage for any vulnerability.
Nothing useful, so let's have a look at /secret.
Since it is WordPress, we can use wpscan to find vulnerable plugins or users.
We found a user called admin.
FTP Enumeration
By the way, we found an FTP port open, so we can try anonymous login.
Anonymous login failed.
Privilege Escalation
But the FTP service, ProFTPD 1.3.3c, looks vulnerable (this is the backdoored 1.3.3c release):
https://www.rapid7.com/db/modules/exploit/unix/ftp/proftpd_133c_backdoor
Yes it is, and there is a Metasploit exploit for it!!
We got root directly!!!